IN THE CLAIMS : 

Please amend claims 1-2, 4, 6, 13-14, 17, 21, 23, 27-29, and 31. 

Please cancel claims 10-12, 16, 18-20, and 22, without prejudice or disclaimer. 

1 . (Currently Amended) A method, comprising: 

maintaining in a mobile communication system subscriber's location information; 

receiving a message from subscriber's user equipment, said message indicating 
that an address of a network node certificate provisioning gateway for certificate issuance 
and delivery procedure in a visited network is requested by the subscriber's user 
equipment , the certificate provisioning gateway serving at least one certificate authority ; 
and 

determining, in response to receiving the message, on the basis of the subscriber's 
location information the address of the network node certificate provisioning gateway . 

2. (Currently Amended) The method of claim 1, further comprising: 
receiving in the message from subscriber's user equipment further the address of 

the network node certificate provisioning gateway : 

checking whether or not the address which the message indicated corresponds to 
the address determined on the basis of the location information; and 

if they do not correspond to each other, using the address determined on the basis 
of the location information. 
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3. (Previously Presented) The method of claim 1, further comprising: 
receiving further in the message subscriber's location information; 

checking whether or not the location information in the message corresponds to 
the location information maintained in the system; and 

using the maintained location information if it does not correspond to the location 
information in the message. 

4. (Currently Amended) A method, comprising: 

receiving in a mobile communication system a message from subscriber's user 
equipment, the message indicating subscriber's location information in a visited network 
of the subscriber; and 

determining, in response to the message, on the basis of the subscriber's location 
information an address of a network node certificate provisioning gateway in the visited 
network , the certificate provisioning gateway serving at least one certificate authority , 
wherein the address of the network node certificate provisioning gateway is determined 
for certificate issuance and delivery procedure in the visited network. 

5. (Previously Presented) The method of claim 4, further comprising: 
receiving in the message from subscriber's user equipment further a global cell 

identifier which indicates the subscriber's location information. 
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6. (Currently Amended) A method, comprising: 
authenticating the subscriber; and 

transmitting during the subscriber authentication to the user equipment at least part 
of the information required for obtaining a certificate from a certificate issuance service 
in another network than a home network in a mobile communication system after the 
subscriber authentication , the part of the information including at least one from a group 
comprising an address of a certificate provisioning gateway via which the certificate 
issuance service is provided in the other network, the certificate provisioning gateway 
serving at least one certificate authority, a public key required for the certificate issuance 
service in the other network, and an indication of the protocol required for the certificate 
issuance service in the other network . 

7. (Previously Presented) The method of claim 6, further comprising: 
performing the authentication as an application level authentication. 

8. (Previously Presented) The method of claim 6 5 further comprising: 
utilizing said part of the information during a certificate issuance procedure after 

the authentication in a visited network by the user equipment. 

9. (Previously Presented) The method of claim 6, further comprising: 
transmitting in said part of the information location network specific information. 
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10-12. (Cancelled) 



13. (Currently Amended) The method of claim 6, further comprising ^ when 
transmitting in said part of the information includes at least aa-the address of athe 

network node certificate provisioning gateway via which the certificate issuance service is 
provided,, to the user equipment; and 

transmitting from the user equipment a certificate request to the network 
node certificate provisioning gateway . 

14. (Currently Amended) A method, comprising: 
authenticating a subscriber; 

receiving, from subscriber's user equipment, a message relating to a certificate 
issuance service in another network than a home network in a mobile communication 
system; and 

transmitting, in response to the message, to the user equipment in a reply message 
at least part of information required for obtaining a certificate from the certificate 
issuance service in the other network, the part of the information including at least one 
from a group comprising an address of a certificate provisioning gateway via which the 
certificate issuance service is provided in the other network, the certificate provisioning 
gateway serving at least one certificate authority, a public key required for the certificate 
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issuance service in the other network, and an indication of the protocol required for the 



certificate issuance service in the other network-. 



15. (Previously Presented) The method of claim 14, further comprising: 
transmitting the message and the reply message in an integrity protected channel. 

16. (Cancelled) 

17. (Currently Amended) The method of claim 1614, further comprising , when 
said part of the information includes at least the address of the certificate provisioning 
gateway via which the certificate issuance service is provided^ 

transmitting from the user equipment a certificate request to the network 
ned ecertiflcate provisioning gateway . 

18-20. (Cancelled) 

21 . (Currently Amended) A mobile communication system, comprising: 

at least user equipment; 

a home network for the user equipment; and 

a visited network comprising at least a network node certificate provisioning 
gateway for a certificate issuance and delivery procedure, said network node certificate 
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provisioning gateway serving a certificate authority, wherein an address of the network 
node certificate provisioning gateway is determined on the basis of location information 
of the user equipment in response to a sent message from the user equipment, said 
message indicating that an address of a network node certificate provisioning gateway for 
certificate issuance and delivery procedure in a visited network is requested by the user 
equipment . 

22. (Cancelled) 

23. (Currently Amended) The system of claim 21 further comprising: 

a gateway network for certificate requests in a home network of the user 
equipment, the gateway network being configured to perform the network node certificate 
provisioning gateway address determination. 

24. (Previously Presented) The method of claim 1, further comprising: 
configuring the message to comprise subscriber's location information; 
checking whether or not the location information in the message corresponds to 

the location information maintained in the system; and 

if it does not correspond to the location information in the message, sending an 
error indication by using the maintained location information. 
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25. (Previously Presented) The method of claim 1, further comprising: 
configuring the message to comprise subscriber's location information; 
checking whether or not the location information in the message corresponds to 

the location information maintained in the system; and 

using the location information in the message if it does not correspond to the 
maintained location information. 

26. (Previously Presented) The method of claim 1, further comprising: 
configuring the message to comprise subscriber's location information; 
checking whether or not the location information in the message corresponds to 

the location information maintained in the system; and 

if it does not correspond to the maintained location information, sending an error 
indication by using the location information in the message. 

27. (Currently Amended) A method, comprising: 
authenticating a subscriber; and 

transmitting after the authentication via an authenticated channel to subscriber's 
user equipment at least part of information required for a certificate issuance service in 
another network than a home network of the subscriber, said at least part of the 
information containing information required for obtaining a certificate from the 
certificate issuance service in the other network . 
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28. (Currently Amended) A network — node certificate provisioning gateway 
serving a certificate authority in a mobile communication system, wherein the network 
node certificate provisioning gateway is in a home network of a subscriber and is 
configured to determine, in response to receiving a message indicating a request for a 
certificate issuance service from the subscriber, an address of another network 
node certificate provisioning gateway required for providing the certificate issuance 
service for the subscriber on the basis of subscriber's location information, said another 
network node certificate provisioning gateway being in another network than the home 
network. 

29. (Currently Amended) The network node certificate provisioning gateway of 
claim 28, wherein the other network node certificate provisioning gateway is in a visited 
network. 

30. (Previously Presented) User equipment in a mobile communication system, 
wherein the user equipment is configured to receive at least part of information required 
for a certificate issuance service in a location network of the user equipment after the user 
equipment has been authenticated, said location network being a visited network and said 
at least part of the information containing information required for obtaining a certificate 
from the certificate issuance service in the visited network. 
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31. (Currently Amended) The user equipment of claim 30, wherein the user 
equipment is arranged to receive said part of the information from a network 
node certificate provisioning gateway with which the user equipment was authenticated, 
the network node certificate provisioning gateway being in a home network. 
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